@edewit
Created August 26, 2015 10:04

url: http://localhost:8080/auth/realms/saml-demo/protocol/saml?SAMLRequest=jVJdT8IwFP0rS99L9wHCGkaCECMJ6gLogy%2BmbHfSpGtnb4fy7x2bRHwQfWtuz7n3nHPvGEWpKj6t3U6v4K0GdN5HqTTy9iMhtdXcCJTItSgBucv4enq35GHP55U1zmRGkY5yGSwQwTppNPGmp%2BfMaKxLsGuwe5nB42qZkJ1zFWdMmUyonUHHR%2F7IZ1BWyhwAGPHmjUapxZH%2FG1o0dpgFoUpkRx80h9Kwk9y2RLwbYzNojSekEAqBeIt5Qhbzl2EeFIUQWxoXeUT7IipoHAcBjYPM3%2FbzUTgE0YAxbTzJPXzTEWtYaHRCu4SEfjCg%2FoiGVxs%2F5lHE%2Fag3iMJn4qVfQq6lzqV%2BvZzbtgMhv91sUpo%2BrDfEewKLrf0GQCbjox%2FeDrdny%2FvvOiZ%2FJD5mZ%2F27YRW%2Fbxou5qlRMjt4U6XM%2B6zJ2zVZOFtDG24p3GUJx4rMadFCubNCowTtCJt0I3%2Be5eQT

gzip inflate and base64 decode:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="http://localhost:8080/employee/" Destination="http://localhost:8080/auth/realms/saml-demo/protocol/saml" ForceAuthn="false" ID="ID_7d1ffaab-9fd3-4a3f-9911-91c0b4d827ea" IsPassive="false" IssueInstant="2015-08-26T09:33:03.532Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8080/employee/</saml:Issuer>
   <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
</samlp:AuthnRequest>
@corinnekrych

For a GET we need something like:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="org.aerogear.Shoot://oauth2Callback" Destination="http://localhost:8080/auth/realms/saml-demo/protocol/saml" ForceAuthn="false" ID="ID_c5e343e5-39b0-41d3-98fa-6c3c8ffc4a24" IsPassive="false" IssueInstant="2015-08-26T12:51:12.165Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-GET" Version="2.0">

<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8080/sales-post/</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>

</samlp:AuthnRequest>

@corinnekrych

zVVdb9owFP0ryO8mzhckFiB1RZuQ2k4qVTXtZXLsm5ItsVHsqOzf7yYQRBil1Z72gvD1udfnnvuRmRVVueWPYLdGWxjtqlJb3hnnpKk1N8IWlmtRgeVO8vXN%2FR0Pxoxva%2BOMNCU5cbnuIayF2hVGk9ESrCu0aA9zYuqXsYDavICox%2BuNMY57nhGN2wS3oiwzIX%2BR0Wo5J6vlDz%2BNYpGpiMpACRr5QUCzkMV0kgOLU4j9qe8jWPf5PJnOTcYQRiHENEwzhm4qpGmSCzqRoUzyXEYiiNDN2gZW2jqh3ZwEzI8pS2gwfWJTHifcD8YJi7%2BT0TPUtmOOWZHFrM2cd771YuPcFtmXRopyY6zjCUuY1%2Bbi1SDKynotmiqozMw7dZzt67B2wjV2eLo1CkbPomzgur62Q%2FN1IyVYS7zF%2FoVhUH7TV2Fftw%2BX7FCAbJpAFKSKRtLHn2SqaAoyonE6meYsj%2BPYh%2F9ASVQh%2BwnSHU4PmNlqOfps6kq46ym3lkLRvINyVwttC9COLL7QBII0TpIJjZSIaDSNFE0SyKgMWZ77WeZjLx247B8ccrk1Oi%2FaqK349%2BA2Rl2nIiue4UxATd4OtBRO%2FGu%2FPxj3VX%2Btb3IH9bBKCWch99mhSo8gi20rwsdmtW%2B8S3TPrg55IUIV7bVtOX0CFB8utU1P6G3iiEuPuL7jG4XkJaBGri7knsbg5o1ms6IES7d49g60jw5n50Fo7yyn42Nuo9tRhAqlHHXHd0ZkgrmucZYxykor2M1JmikcwDylqZi0fahw%2F4lJTAXLWAZ5LIIUyOmDSMPBzl0w3ZY43Y%2BQL64uAMlli0Nzo%2B0WGyEvQB2zvxDtwt3AdlSgp%2BRQuaxx8ObFqB2mOXk0JW6W9v9Hxligd2vtBzlDnCTnobuteviA7XAXHvrg9fV1%2FBqOsdm9gD

@corinnekrych

SAMLResponse
once URL decode + XML decode and inflate

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="org.aerogear.Shoot://oauth2Callback" ID="ID_1945abd4-c2da-4122-b305-6fe059e51711" InResponseTo="ID_c5e343e5-39b0-41d3-98fa-6c3c8ffc4a24" IssueInstant="2015-08-27T07:58:12.805Z" Version="2.0">

<saml:Issuer>http://localhost:8080/auth/realms/saml-demo</saml:Issuer>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_b78e429d-4c1d-487d-9ec4-5967f0f5551e" IssueInstant="2015-08-27T07:58:12.805Z" Version="2.0">

<saml:Issuer>http://localhost:8080/auth/realms/saml-demo</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">G-8e295886-4da4-474d-88eb-c30ff1bb1c8f</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="ID_c5e343e5-39b0-41d3-98fa-6c3c8ffc4a24" NotOnOrAfter="2015-08-27T08:03:10.805Z" Recipient="org.aerogear.Shoot://oauth2Callback"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2015-08-27T07:58:10.805Z" NotOnOrAfter="2015-08-27T07:59:10.805Z"><saml:AudienceRestriction><saml:Audience>http://localhost:8080/sales-post/</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2015-08-27T07:58:12.806Z" SessionIndex="9bd78ef9-9a66-4dd2-ba65-a0b0bef5a29e"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2"e

@edewit

edewit commented Aug 27, 2015

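using System;
using System.IO;
using System.IO.Compression;
using System.Net;
using System.Text;

// Builds the SAMLRequest query value: fills the template's format placeholder
// with a fresh GUID, raw-DEFLATEs the XML, base64-encodes it, then URL-encodes it.
private string GenerateSAMLRequest(string xml)
{
    var saml = string.Format(xml, Guid.NewGuid());
    var bytes = Encoding.UTF8.GetBytes(saml);
    using (var output = new MemoryStream())
    {
        // DeflateStream writes raw DEFLATE data (no gzip or zlib header).
        using (var zip = new DeflateStream(output, CompressionMode.Compress))
        {
            zip.Write(bytes, 0, bytes.Length);
        }
        // The DeflateStream is disposed above, so the final block has been flushed.
        var base64 = Convert.ToBase64String(output.ToArray());
        return WebUtility.UrlEncode(base64);
    }
}

// Reverses the encoding: URL-decode, base64-decode, then inflate to the XML text.
private string DecodeSAMLResponse(string response)
{
    using (var input = new MemoryStream(Convert.FromBase64String(WebUtility.UrlDecode(response))))
    {
        using (var unzip = new DeflateStream(input, CompressionMode.Decompress))
        {
            using (var reader = new StreamReader(unzip, Encoding.UTF8))
            {
                return reader.ReadToEnd();
            }
        }
    }
}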
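
An added Python example, not part of the gist or of any comment above: it performs the same decoding as the thread with a cap on the inflated size, then checks that a response correlates with its request the way the posted messages do (InResponseTo with ID, Destination with AssertionConsumerServiceURL, Audience with Issuer). The function names, the 64 KiB cap and the trimmed sample messages are assumptions; signature validation is not covered.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed samples: trimmed copies of the thread's messages (IDs/URLs as posted).
REQUEST = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'ID="ID_c5e343e5-39b0-41d3-98fa-6c3c8ffc4a24" '
           'AssertionConsumerServiceURL="org.aerogear.Shoot://oauth2Callback">'
           '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
           'http://localhost:8080/sales-post/</saml:Issuer></samlp:AuthnRequest>')
RESPONSE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'Destination="org.aerogear.Shoot://oauth2Callback" '
            'InResponseTo="ID_c5e343e5-39b0-41d3-98fa-6c3c8ffc4a24">'
            '<saml:Assertion><saml:Conditions><saml:AudienceRestriction><saml:Audience>'
            'http://localhost:8080/sales-post/</saml:Audience></saml:AudienceRestriction>'
            '</saml:Conditions></saml:Assertion></samlp:Response>')

def encode_redirect(xml):
    """Raw DEFLATE (no zlib/gzip header), then base64, then URL-encode."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return quote(base64.b64encode(c.compress(xml.encode()) + c.flush()), safe="")

def decode_redirect(value, limit=64 * 1024):  # limit is an assumed cap
    """Reverse of encode_redirect; refuses oversized or truncated streams."""
    d = zlib.decompressobj(-15)
    out = d.decompress(base64.b64decode(unquote(value), validate=True), limit + 1)
    if len(out) > limit:
        raise ValueError("inflated message exceeds limit")
    if not d.eof:
        raise ValueError("truncated DEFLATE stream")
    return out.decode("utf-8")

def correlate(request_xml, response_xml):
    """List mismatches between an AuthnRequest and the Response answering it."""
    if "<!DOCTYPE" in request_xml + response_xml:
        raise ValueError("DTD not allowed in SAML messages")
    req, resp = ET.fromstring(request_xml), ET.fromstring(response_xml)
    problems = []
    if resp.get("InResponseTo") != req.get("ID"):
        problems.append("InResponseTo does not match request ID")
    if resp.get("Destination") != req.get("AssertionConsumerServiceURL"):
        problems.append("Destination does not match ACS URL")
    audiences = [a.text for a in resp.iterfind(".//a:Audience", NS)]
    if req.findtext("a:Issuer", namespaces=NS) not in audiences:
        problems.append("request Issuer not in AudienceRestriction")
    return problems
```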
